Alerting

Why is my Splunk not Ingesting Emails?

dfrench151
Explorer

Hello,

My Splunk is no longer ingesting emails from our O365 email account. I was not the person to set this up and need assistance in troubleshooting. Can anyone provide assistance/guidance?

 


 

There is also an error showing in regard to the KV Store, "KV Store process terminated abnormally (exit code 14, status exited with code 14).", which I'm not sure is related or not. We have a search head cluster set up with 2 indexers that are not clustered.

0 Karma

Vardhan
Contributor

Hi,

To resolve the issue, find the HF in your environment, then:

  1. Go to the Splunk Web home screen.
  2. Click on Splunk Add-on for Microsoft Office 365 in the left navigation banner.
  3. Click on the Input tab.

There will be an enable and disable option. First disable the inputs, then enable them again.

This has nothing to do with the https://splunkbase.splunk.com/app/1739 Splunk app. The log collection happens with the help of the add-on.

0 Karma

Vardhan
Contributor

If you are collecting logs from the O365 app, then try disabling the inputs and enabling them again on the HF.

0 Karma

dfrench151
Explorer

How exactly would I do that?... Would I just rename it to something else, then restart Splunk service?

Would it be the inputs.conf file located at this location? S:\Program Files\Splunk\etc\apps\splunk_ta_o365\local

 

Also, I have a suspicion we could have been using this application as well

https://splunkbase.splunk.com/app/1739 (IMAP Mailbox)

0 Karma